From nobody Sun May  5 15:28:41 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+82267+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+82267+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1634612779; cv=none;
	d=zohomail.com; s=zohoarc;
	b=azgKJXUP0DvbggnRuH8Cr4HwU6QPsyCoPnqNBjptyrDp1RMmZnTLExPK6/It6C9gw9uUV7Wu0cYPC18v+wpQA3TO2z6FgSRH1aoxMuVO/cVE4CT3+df5HPm2j0TZ30LK5f8It9CB0gCMVRMZjJ76J5dT8vvUQ0qKk/td/Tocxb4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1634612779;
 h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=5DPWqLLNfUM9xRBKVQEQHdB7RUI6bXCq1GAxtfAK9Rc=;
	b=PlrfI/6tC1BxbNEK0IFhTYJ2YoPsiEPtyqtUZWs4t41loLZaLb4iQvqAOCB2UWBPMHSH/eDIZGbQwC/ZupEcMbJJfGxJlfABZtUEnvLNTtvCIA2atzlPEyJ5ivofU9km21KvpJwc3pOFGCD7bFqAKYR543R9ILs8kpZRC9U4T9c=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+82267+1787277+3901457@groups.io;
	dmarc=fail header.from=<jie.yang@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1634612779834279.4834781705058;
 Mon, 18 Oct 2021 20:06:19 -0700 (PDT)
Return-Path: <bounce+27952+82267+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id awXAYY1788612xamM0p2hZYm;
 Mon, 18 Oct 2021 20:06:19 -0700
X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mx.groups.io with SMTP id smtpd.web10.4763.1634612777724378478
 for <devel@edk2.groups.io>;
 Mon, 18 Oct 2021 20:06:18 -0700
X-IronPort-AV: E=McAfee;i="6200,9189,10141"; a="228290060"
X-IronPort-AV: E=Sophos;i="5.85,383,1624345200";
   d="scan'208";a="228290060"
X-Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 18 Oct 2021 20:06:16 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,383,1624345200";
   d="scan'208";a="444331342"
X-Received: from desktop-yang.ccr.corp.intel.com ([10.239.158.52])
  by orsmga003.jf.intel.com with ESMTP; 18 Oct 2021 20:06:14 -0700
From: "Yang Jie" <jie.yang@intel.com>
To: devel@edk2.groups.io
Cc: gaoliming@byosoft.com.cn,
	michael.d.kinney@intel.com,
	guomin.jiang@intel.com,
	wei6.xu@intel.com,
	Yang Jie <jie.yang@intel.com>
Subject: [edk2-devel] [PATCH] FmpDevicePkg/FmpDxe: Use new Variable Lock
 interface
Date: Tue, 19 Oct 2021 11:06:11 +0800
Message-Id: <20211019030611.3060-1-jie.yang@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,jie.yang@intel.com
X-Gm-Message-State: dIYLHinQMPZWP49fOE1p8fepx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1634612779;
 bh=LDg5Pn4aEADdLhzsH8fcHdqpNj2CbuTgDTkT7Q1FvfQ=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=enEyJqVZeJ2wCtFJ3Y/nsGUNOAM6gVSrJzW8S7/75TJdbk56YasscBaZO08rixfZ83K
 TUygf06kNkTcFdtEowe+a+yN+K0Tl7RJeDjqzWYBMeUBS2AdZdDH1U+YG5F6Depk6PYRt
 VTe4MLcK5U7AuZ8cupgPtrl4KEONsGcagHs=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1634612781765100002
Content-Type: text/plain; charset="utf-8"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3655
The code in FmpDevicePkg call the deprecated interface
VariableLockRequestToLockc. So I changed the code in
FmpDevicePkg using RegisterBasicVariablePolicy, instead
of the deprecated interface.

Signed-off-by: Yang Jie <jie.yang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
---
 FmpDevicePkg/FmpDevicePkg.dsc         |  1 +
 FmpDevicePkg/FmpDxe/FmpDxe.h          |  4 +-
 FmpDevicePkg/FmpDxe/FmpDxe.inf        |  5 +-
 FmpDevicePkg/FmpDxe/VariableSupport.c | 69 +++++++++++++--------------
 4 files changed, 39 insertions(+), 40 deletions(-)

diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index b420f52a08..7b1af285dd 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -53,6 +53,7 @@
   DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD=
ebugPrintErrorLevelLib.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var=
iablePolicyHelperLib.inf
 !ifdef CONTINUOUS_INTEGRATION
   BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
 !else
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h
index 1177b1828e..4d94a925b6 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.h
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.h
@@ -4,7 +4,7 @@
   information provided through PCDs and libraries.
=20
   Copyright (c) Microsoft Corporation.<BR>
-  Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>
=20
   SPDX-License-Identifier: BSD-2-Clause-Patent
=20
@@ -33,11 +33,11 @@
 #include <Library/FmpDependencyDeviceLib.h>
 #include <Protocol/FirmwareManagement.h>
 #include <Protocol/FirmwareManagementProgress.h>
-#include <Protocol/VariableLock.h>
 #include <Guid/SystemResourceTable.h>
 #include <Guid/EventGroup.h>
 #include <LastAttemptStatus.h>
 #include <FmpLastAttemptStatus.h>
+#include <Library/VariablePolicyHelperLib.h>
=20
 #define VERSION_STRING_NOT_SUPPORTED  L"VERSION STRING NOT SUPPORTED"
 #define VERSION_STRING_NOT_AVAILABLE  L"VERSION STRING NOT AVAILABLE"
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf
index eeb904a091..1c296388b0 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf
@@ -4,7 +4,7 @@
 #  information provided through PCDs and libraries.
 #
 #  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
-#  Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
@@ -55,14 +55,15 @@
   FmpDependencyLib
   FmpDependencyCheckLib
   FmpDependencyDeviceLib
+  VariablePolicyHelperLib
=20
 [Guids]
   gEfiEndOfDxeEventGroupGuid
=20
 [Protocols]
-  gEdkiiVariableLockProtocolGuid                ## CONSUMES
   gEfiFirmwareManagementProtocolGuid            ## PRODUCES
   gEdkiiFirmwareManagementProgressProtocolGuid  ## PRODUCES
+  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES
=20
 [Pcd]
   gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable             =
 ## CONSUMES
diff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/Va=
riableSupport.c
index 86dd5b203b..c4b72a2ff9 100644
--- a/FmpDevicePkg/FmpDxe/VariableSupport.c
+++ b/FmpDevicePkg/FmpDxe/VariableSupport.c
@@ -3,7 +3,7 @@
   firmware updates.
=20
   Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
-  Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>
=20
   SPDX-License-Identifier: BSD-2-Clause-Patent
=20
@@ -729,29 +729,30 @@ SetLastAttemptVersionInVariable (
 static
 EFI_STATUS
 LockFmpVariable (
-  IN EFI_STATUS                    PreviousStatus,
-  IN EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLock,
-  IN CHAR16                        *VariableName
+  IN EFI_STATUS                      PreviousStatus,
+  IN EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy,
+  IN CHAR16                          *VariableName
   )
 {
   EFI_STATUS  Status;
=20
-  Status =3D VariableLock->RequestToLock (
-                           VariableLock,
-                           VariableName,
-                           &gEfiCallerIdGuid
-                           );
-  if (!EFI_ERROR (Status)) {
-    return PreviousStatus;
+  // If success, go ahead and set the policies to protect the target varia=
bles.
+  Status =3D RegisterBasicVariablePolicy (VariablePolicy,
+                                        &gEfiCallerIdGuid,
+                                        VariableName,
+                                        VARIABLE_POLICY_NO_MIN_SIZE,
+                                        VARIABLE_POLICY_NO_MAX_SIZE,
+                                        VARIABLE_POLICY_NO_MUST_ATTR,
+                                        VARIABLE_POLICY_NO_CANT_ATTR,
+                                        VARIABLE_POLICY_TYPE_LOCK_NOW);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Statu=
s =3D %r\n",
+            mImageIdName,
+            &gEfiCallerIdGuid,
+            VariableName,
+            Status
+           ));
   }
-
-  DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s.  Status=
 =3D %r\n",
-    mImageIdName,
-    &gEfiCallerIdGuid,
-    VariableName,
-    Status
-    ));
-
   if (EFI_ERROR (PreviousStatus)) {
     return PreviousStatus;
   }
@@ -773,26 +774,22 @@ LockAllFmpVariables (
   FIRMWARE_MANAGEMENT_PRIVATE_DATA  *Private
   )
 {
-  EFI_STATUS                    Status;
-  EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLock;
-
-  VariableLock =3D NULL;
-  Status =3D gBS->LocateProtocol (
-                  &gEdkiiVariableLockProtocolGuid,
-                  NULL,
-                  (VOID **)&VariableLock
-                  );
-  if (EFI_ERROR (Status) || VariableLock =3D=3D NULL) {
-    DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Proto=
col (%r).\n", mImageIdName, Status));
-    return EFI_UNSUPPORTED;
+  EFI_STATUS                        Status;
+  EDKII_VARIABLE_POLICY_PROTOCOL    *VariablePolicy;
+
+  // Locate the VariablePolicy protocol.
+  Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,=
 (VOID**)&VariablePolicy );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy prot=
ocol! %r\n", __FUNCTION__, Status));
+    return Status;
   }
=20
   Status =3D EFI_SUCCESS;
-  Status =3D LockFmpVariable (Status, VariableLock, Private->VersionVariab=
leName);
-  Status =3D LockFmpVariable (Status, VariableLock, Private->LsvVariableNa=
me);
-  Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptSt=
atusVariableName);
-  Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptVe=
rsionVariableName);
-  Status =3D LockFmpVariable (Status, VariableLock, Private->FmpStateVaria=
bleName);
+  Status =3D LockFmpVariable (Status, VariablePolicy, Private->VersionVari=
ableName);
+  Status =3D LockFmpVariable (Status, VariablePolicy, Private->LsvVariable=
Name);
+  Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt=
StatusVariableName);
+  Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt=
VersionVariableName);
+  Status =3D LockFmpVariable (Status, VariablePolicy, Private->FmpStateVar=
iableName);
=20
   return Status;
 }
--=20
2.26.2.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82267): https://edk2.groups.io/g/devel/message/82267
Mute This Topic: https://groups.io/mt/86430867/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-